Bugzilla – Bug 842512
VUL-1: CVE-2013-4369: XSA-68: xen: possible null dereference when parsing vif ratelimiting info
Last modified: 2015-02-19 03:33:30 UTC
bugbot adjusting priority
public now

Xen Security Advisory CVE-2013-4369 / XSA-68
version 2

possible null dereference when parsing vif ratelimiting info

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The libxlu library function xlu_vif_parse_rate does not properly
handle inputs which consist solely of the '@' character, leading to a
NULL pointer dereference.

IMPACT
======

A toolstack which allows untrusted users to specify an arbitrary
configuration for the VIF rate can be subjected to a DOS.

The only known user of this library is the xl toolstack which does not
have a central long running daemon and therefore the impact is limited
to crashing the process which is creating the domain, which exists only
to service a single domain.

VULNERABLE SYSTEMS
==================

The vulnerable code is present from Xen 4.2 onwards.

MITIGATION
==========

Disallowing untrusted users from specifying arbitrary VIF rate limits
will avoid this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and Matthew Daley.

RESOLUTION
==========

Applying the attached patch resolves this issue in all branches

xsa68.patch        xen-unstable, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa68*.patch
64716cb49696298e0bbd9556fe9d6f559a4e2785081e28d50607317b6e27ba32  xsa68.patch
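The failure mode the advisory describes, shown as an added example that is not part of the bug report, the attached patch, or Xen's libxlu source. It assumes a strtok()-based split of a simplified "<rate>[@<interval>]" string, which the advisory does not state; parse_rate_spec and struct rate_spec are hypothetical names.

```c
/* Added illustration, not Xen's libxlu source. Assumed simplified grammar:
 * "<rate>[@<interval>]", both parts kept as opaque strings. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define SPEC_MAX 64

struct rate_spec {              /* hypothetical result type */
    char rate[SPEC_MAX];
    char interval[SPEC_MAX];    /* empty when no "@<interval>" was given */
};

/* Returns 0 on success, EINVAL on malformed input. */
int parse_rate_spec(const char *spec, struct rate_spec *out)
{
    char buf[SPEC_MAX];
    char *rate, *interval;

    if (!spec || !out || strlen(spec) >= sizeof(buf))
        return EINVAL;
    strcpy(buf, spec);              /* strtok() modifies its argument */

    /* strtok() skips leading delimiters: for "", "@" or "@@" it finds no
     * token and returns NULL, not "". Passing that NULL to strcmp() or
     * strlen() is the crash. rate != buf also rejects "@50ms". */
    rate = strtok(buf, "@");
    if (!rate || rate != buf)
        return EINVAL;
    interval = strtok(NULL, "@");   /* NULL when the interval is omitted */
    if (strtok(NULL, "@"))          /* more than two parts */
        return EINVAL;

    strcpy(out->rate, rate);
    strcpy(out->interval, interval ? interval : "");
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "10Mb/s@50ms", "10Mb/s", "@", "@@", "", "@50ms" };
    struct rate_spec rs;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s -> %s\n", samples[i],
               parse_rate_spec(samples[i], &rs) ? "EINVAL" : "ok");
    return 0;
}
```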
released
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)